2024-06-12_b7747cdc7f6647a9443b28bbb5c45cbb_backswap_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-12_b7747cdc7f6647a9443b28bbb5c45cbb_backswap_mafia
Size

548KB
MD5

b7747cdc7f6647a9443b28bbb5c45cbb
SHA1

c9caa3b3a8417be8de83194a59125a8b6371cc88
SHA256

57a2b9b192919c20549e7a676c53e10f7f99b656a0bb926605402fee5c8da9b2
SHA512

48947d4390aa88dff66cb026551f408e7cc8ef0c1d758551282441a4dea1e42ed6945525340fbb6d8a7ddf44e83c2559f3ff5406dcf6a63304f21ff5365cbcc2
SSDEEP

12288:eDWIT2pztq3wXdUbupYn4jOJEJr9KZRO2DeGcCwa/FnTBr+H2YvekeGZ:jdy3O2DqCwa/FnTBr+HzJZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-12_b7747cdc7f6647a9443b28bbb5c45cbb_backswap_mafia

Files

2024-06-12_b7747cdc7f6647a9443b28bbb5c45cbb_backswap_mafia
.exe windows:5 windows x86 arch:x86

4467d77e1e1d6dbe0620368a2525e955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Documents\Tencent Files\377511800\FileRecv\RGSSD3D_Fux2\RGSSD3D_Repo\Game\Game.pdb

Imports

kernel32

Sleep
GetFileAttributesW
GetModuleFileNameW
GetPrivateProfileIntW
GetStdHandle
GetLastError
SetCurrentDirectoryW
SetConsoleTitleW
CreateThread
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpyW
SetEndOfFile
GetTimeZoneInformation
CreateFileW
SetEnvironmentVariableA
CompareStringW
CreateFileA
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetPrivateProfileStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
HeapSize
FlushFileBuffers
CloseHandle
GetLocaleInfoW
ReadFile
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
WriteFile
GetFileType
InitializeCriticalSectionAndSpinCount
ReadConsoleA
FreeLibrary
AllocConsole
WriteProcessMemory
DeleteCriticalSection
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
ReadProcessMemory
LoadLibraryW
InitializeCriticalSection
QueryPerformanceFrequency
GetProcessTimes
QueryPerformanceCounter
GetTickCount
GetCurrentProcess
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
GetProcessHeap
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
HeapAlloc
RtlUnwind
RaiseException
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileW
FindFirstFileExW
ExitProcess
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
HeapFree
GetModuleHandleW

user32

MessageBoxW
DefWindowProcW
GetSystemMetrics
RegisterClassW
AdjustWindowRectEx
CreateWindowExW
ShowWindow
SetWindowPos
GetWindowLongW
SetRect
LoadIconW
UnregisterClassW
DestroyWindow
DispatchMessageW
CopyRect
SetWindowTextW
SendMessageW
InsertMenuW
GetMenuItemCount
EndDialog
ClientToScreen
SetCursor
LoadCursorW
CopyIcon
SetCursorPos
SetClassLongA
ClipCursor
GetCursor
LoadCursorFromFileA
TranslateAcceleratorW
MapVirtualKeyW
GetSystemMenu
SetTimer
GetMessageW
PostQuitMessage
GetKeyNameTextA
SetForegroundWindow
DialogBoxParamW
GetDC
TranslateMessage
LoadAcceleratorsW
PeekMessageW
ReleaseDC
SetWindowLongW

gdi32

DeleteObject
GetTextMetricsW
DeleteDC
CreateFontIndirectW
GetStockObject
SelectObject
CreateCompatibleDC
RemoveFontResourceExW
AddFontResourceExW
EnumFontFamiliesExW
GetGlyphOutlineW

advapi32

RegOpenKeyExW

imm32

ImmDisableIME

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateSprite
D3DXGetImageInfoFromFileW
D3DXFillTexture
D3DXMatrixMultiply
D3DXMatrixTransformation2D
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateEffect
D3DXSaveTextureToFileW
D3DXCreateTexture
D3DXCreateTextureFromFileExW

xinput1_3

ord2

gdiplus

GdiplusShutdown
GdiplusStartup

wmvcore

WMCreateSyncReader

shlwapi

PathFileExistsW

Sections

.text
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4467d77e1e1d6dbe0620368a2525e955

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

imm32

d3d9

d3dx9_43

xinput1_3

gdiplus

wmvcore

shlwapi

Sections

.text Size: 298KB - Virtual size: 298KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 21KB - Virtual size: 32KB

.rsrc Size: 162KB - Virtual size: 161KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 298KB - Virtual size: 298KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 21KB - Virtual size: 32KB

.rsrc
Size: 162KB - Virtual size: 161KB

.reloc
Size: 23KB - Virtual size: 22KB